Commit a14aaa6f authored by Yoshinori Okuji's avatar Yoshinori Okuji

Prevent indexing _View_Permission in roles_and_users.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@32275 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent f1157edc
No related merge requests found
......@@ -110,6 +110,12 @@ class IndexableObjectWrapper(object):
# user:<user_id>:<role_id>
# A line must not be present twice in final result.
allowed = set(rolesForPermissionOn('View', ob))
# XXX the permission name is included by default for verbose
# logging of security errors, but the catalog does not need to
# index it. Unfortunately, rolesForPermissionOn does not have
# an option to disable this behavior at calling time, so
# discard it explicitly.
allowed.discard('_View_Permission')
# XXX Owner is hardcoded, in order to prevent searching for user on the
# site root.
allowed.discard('Owner')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment